dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
3278
share rss forum feed

bigboy

join:2000-12-04
Palo Alto, CA

Zyxel USG 20 and Sonic.net ipv6?

Has anyone been successful in configuring a USG 20 and Sonic.net ipv6? The examples given by Zyxel in its user guide and application notes doesn't seem to jive with what Sonic.net provides for information.

For example, Sonic.net provides a:

"sonic-side v4 address" (which is assume is the ipv4 address of the Sonic's tunnel)
"customer-side" (which is my static WAN ipv4 address)
"Transport" (which is a 2001.../127 address - ?)
"Network" (which is a 2001.../60 address - my LAN?)

There are a number of examples, including for an Airport Extreme, but nothing for Zyxel (no surprise).

Anyone have any suggestions of where I can read up and figure this out?


JPedroT

join:2005-02-18
kudos:1

Look for a support note from ZyXEL that shows how to set it up IPv6.

But you are right, Network is your LAN and Transport is your WAN.
--
"Perl is executable line noise, Python is executable pseudo-code."



leibold
Premium,MVM
join:2002-07-09
Sunnyvale, CA
kudos:10
Reviews:
·SONIC.NET

said by JPedroT:

Look for a support note from ZyXEL that shows how to set it up IPv6.

Since the setup for native IPv6 and the varies IPv6 tunnel types (6in4, 6to4, teredo) are all different make sure you look for instructions on how to configure a 6in4 tunnel (this is what Sonic.net provides).
--
Got some spare cpu cycles ? Join Team Helix or Team Starfire!

bigboy

join:2000-12-04
Palo Alto, CA
reply to bigboy

Can I assume IPv6-in-IPv4 is 6in4?



leibold
Premium,MVM
join:2002-07-09
Sunnyvale, CA
kudos:10
Reviews:
·SONIC.NET

The term "IPv6-in-IPv4" appears in RFC 4213 which defines "Basic Transition Mechanisms for IPv6 Hosts and Routers" including 6in4 tunnels (interestingly, the term "6in4" is not used in the RFC).

I'm fairly certain that the two terms have the same meaning.
--
Got some spare cpu cycles ? Join Team Helix or Team Starfire!


bigboy

join:2000-12-04
Palo Alto, CA
reply to bigboy

Okay, well, this isn't working. I'm using the IPv6-in-IPv4 example here on page 50.

»www.zyxel.com/web/download.php?F···_quarter

(the application notes has only a 6to4 configuration example)

The tunnel example seems straightforward - put the sonic-side v4 address in the Remote Gateway entry.

The Ethernet example is a bit more complicated. I assume I put the "Network" (LAN) address in the Router Advertised Prefix Table? And then I put the customer-side transport IPv6 address in the IPv6 Address/Prefix Length field? I also noticed that the SLAAC checkbox isn't ticked off like it is in the 6to4.

Any suggestions? My computers aren't getting an IPv6 address. I'm tempted to try using my Airport Extreme and seeing how that would work.

Help!



Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5

Why beat your head against the wall....... oh wait, probably a cisco guru ;-P, Call 800-255-4101 ext 5 and ask tech support.
I am curious as to their level of readiness for such inquiries.


polarisdb

join:2004-07-12
USA

1 edit

This has been kind of maddening for someone like me with only a basic grasp of IPv4, let alone IPv6.

Even though my ISPs don't yet support IPv6, I was playing around with the IPv6 configuration from the examples in the documentation for my USG50 and somehow managed to mess things up enough so that my Linux virtual machines could no longer grab IPv4 LAN addresses from the USG50 DHCP server. I think I'll hold off on IPv6 for a bit until someone hopefully posts an idiots guide to IPv6 on Comcast...


bigboy

join:2000-12-04
Palo Alto, CA
reply to bigboy

I'm there too. After one more bout of my USG 20 having to restore firmware from the last good version on a reboot, I'm done with trying to configure this thing for IPv6. Things were so much simpler with my old Z2, and now things are exponentially more complicated to configure (and more powerful, of course) with my USG 20.

I was playing around with the IPv6 capabilities of my Airport Extreme that I'm using as an AP, and while it was able to configure a tunnel apparently, access to IPv6 sites was timing out. I'm sure it has to do with the fact that I'm using my USG 20 as my router, but I was hopeful that it might be possible to have a separate box be able to be the IPv6 router, but I guess not.



leibold
Premium,MVM
join:2002-07-09
Sunnyvale, CA
kudos:10
Reviews:
·SONIC.NET

I tried looking at the documentation that you linked to above, but I got prompted for a password when I tried to read it ?

I think that putting the customer-side transport IPv6 address anywhere in the local ethernet side configuration would be a mistake but lacking documentation for the USG I'm not sure.

As long as the USG doesn't block IPv4 protocol number 41 you should be able to setup another router as IPv6 router on your local network (behind the USG 20).
--
Got some spare cpu cycles ? Join Team Helix or Team Starfire!


bigboy

join:2000-12-04
Palo Alto, CA

Here's another link. It actually redirects to an anonymous FTP site.

»ftp://ftp2.zyxel.com/ZyWALL_USG_20/use···_Ed1.pdf

I'll try open up 41 and see if I can use the AE tonight...


Kirby Smith

join:2001-01-26
Derry, NH

1 recommendation

reply to leibold

It has been my experience that the most recent Acrobat Reader can open the file without a password while other pdf readers cannot. This is on Ubuntu.

kirby



leibold
Premium,MVM
join:2002-07-09
Sunnyvale, CA
kudos:10
Reviews:
·SONIC.NET

1 recommendation

Thanks Kirby, that worked (using SuSE Linux here).

The first step in creating the Sonic.net IPv6 tunnel in the USG 20 is to collect all the information that you need. Unfortunately the way the tunnel information is presented in the Sonic.net Member Tools site requires to look at two screens.

The first screen is the page where you create (or view or modify) an IPv6 tunnel:

Create/View/Modify Tunnel

Here you find out the IPv6 address block assigned by Sonic to your local network (5) as well as the public IPv4 address (2) specified by you for your IPv6 router.

The second screen is the page where you can view configuration examples for varies common hosts/routers. More important then the actual examples is the summary at the top of the page giving all 4 IP addresses associated with your 6in4 tunnel:

View Example Configurations


  • The IPv4 address of the Sonic side (1)

  • The IPv4 address of the Customer side (2) which is your IPv6 routers public IPv4 address

  • The IPv6 address of the Sonic side (3)

  • The IPv6 address of the Customer side (4)



How to enter this information into the USG 20 follows in the next post.
--
Got some spare cpu cycles ? Join Team Helix or Team Starfire!


leibold
Premium,MVM
join:2002-07-09
Sunnyvale, CA
kudos:10
Reviews:
·SONIC.NET

1 edit

1 recommendation


USG20 Tunnel
Based on the manual that you linked to (since I don't have a USG):

Step 2.8.2 Setting Up the IPv6-in-IPv4 Tunnel
The example shows a WAN interface (wan1) that has a dynamic IPv4 address. If you have a static IPv4 address for your router you would enter it in Gateway Settings under IP Address (instead of Interface). This is especially important if you have a block of 4 or 8 static IP addresses!
If you only have a dynamic IP address follow the example and specify your address by selecting the Interface.
The USG 20 shows the tunnel IPv6 Address Assignment as optional, but since that information is provided by Sonic I would enter it.

Edit: bigboy See Profile confirms that the IPv6 Address Assignment for the tunnel is important. Enter the customer-side IPv6 address (4) in this field together with the /127 prefix length.

Ethernet and Policy setup to follow.
--
Got some spare cpu cycles ? Join Team Helix or Team Starfire!


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5
reply to bigboy

Quick question (great thread and input by the way), are people being forced to implement IPV6 already??



leibold
Premium,MVM
join:2002-07-09
Sunnyvale, CA
kudos:10
Reviews:
·SONIC.NET

said by Anav:

are people being forced to implement IPV6 already??

I have not heard of anybody that has IPv4 address(es) being forced to adopt IPv6. However AT&T is using one of the private IP address blocks (10/8) for its uverse CGN network (which is part of their IPv6 strategy). This means that customers that are using this block for their home network will have to switch to one of the other private IP address blocks.
Therefore some (probably few) customers have to make changes because of IPv6 even if they are not planning on using it.
--
Got some spare cpu cycles ? Join Team Helix or Team Starfire!


leibold
Premium,MVM
join:2002-07-09
Sunnyvale, CA
kudos:10
Reviews:
·SONIC.NET

1 edit

1 recommendation

reply to leibold


USG LAN Ethernet
Step 2.8.3 Setting Up the LAN IPv6 Interface
There are two parts to this. First you have to pick one of the IP addresses in your IPv6 network block and assign it to the router (IPv6 Address Assignment). This is the address that all your computers will use to sent traffic to the router. Typically that is the address XXXX:XXXX:XXXX:XXX0::1 where the Xs stand for the prefix of your assigned IPv6 address block.
The second part is configuring the IPv6 block and its prefix length (/60 for Sonic.net tunnels) in the IPv6 Router Advertisement section.

Properly configured your router will advertise its own IPv6 address (so that everybody knows how to find the router) and the IPv6 block (so that SLAAC, the stateless address auto configuration can work in the hosts).

Edit: based on the findings from bigboy See Profile:
- be sure to keep the SLAAC checkbox blank (as shown in the picture above from the USG documentation)
- instead of the /60 prefix provided by Sonic.net use the smaller /64 prefix typically used for IPv6 LANs. This is valid, it just means that you only use a portion of the assigned address block.
- stick with the default ::1 as the router address.

Still to come, policy routing.
--
Got some spare cpu cycles ? Join Team Helix or Team Starfire!


leibold
Premium,MVM
join:2002-07-09
Sunnyvale, CA
kudos:10
Reviews:
·SONIC.NET

1 recommendation

In step 2.8.2 you created the 6in4 tunnel between your router and Sonic.net.
In step 2.8.3 you gave your LAN Ethernet interface an IPv6 address and configured your router to send out Router Advertisements (a key feature of IPv6 networking).
What is still missing is the connection between the LAN Interface and the 6in4 tunnel and this is were policy based routing comes in:


USG Policy


Step 2.8.4 Setting up the Policy Route
In the first part of the instructions you create a new IPv6 Address object and enter both the IPv6 address and the /60 prefix length of your assigned IPv6 address block (5).
Once you have created that IPv6 Address object you use its name to configure the source address of the policy route (leaving 'any' as the destination address).
Finally you specify the next hop destination by selecting Interface as the type and tunnel0 (or whatever name you chose in step 2.8.2) as the name.

This means that IPv6 traffic from your LAN to the Internet will be sent via the 6in4 tunnel to the Sonic.net gateway. At least that is what the document says, keep us posted with the results.
--
Got some spare cpu cycles ? Join Team Helix or Team Starfire!

bigboy

join:2000-12-04
Palo Alto, CA

This is very similar to what I tried last. What is puzzling is that my Mac is not picking up an IPv6 address (it's configured to Automatic in the Network settings). When I was screwing around with my AE, my Mac automatically picked up a IPv6 address - it's not doing it with the Zyxel, or is the assumption that I have a static IPv6 address for each device with this 6in4 configuration?


JPedroT

join:2005-02-18
kudos:1

Done any changes to your net since then? Router Advertisments and Solicitations are done with multicast.
--
"Perl is executable line noise, Python is executable pseudo-code."


JPedroT

join:2005-02-18
kudos:1

1 recommendation

reply to Anav

said by Anav:

Quick question (great thread and input by the way), are people being forced to implement IPV6 already??

Yes, if you do not migrate within a fortnight, you will be banned from the internet....

--
"Perl is executable line noise, Python is executable pseudo-code."


leibold
Premium,MVM
join:2002-07-09
Sunnyvale, CA
kudos:10
Reviews:
·SONIC.NET
reply to bigboy

In order for your computers on the LAN to get an automatic assignment of a IPv6 address with global scope you only need the configuration in step 2.8.3 to configure the LAN Ethernet interface (both IPv6 Address Assignment and IPv6 Router Advertisement Setting are important as well as the Enable IPv6 checkbox). Even without policy based routing and without a working 6in4 tunnel this should give your USG an IPv6 address and cause it to respond to router discovery requests.
You do not need to assign static IPv6 addresses to your computers, but you could try a static IPv6 address (out of your assigned block) to see if you can ping the router with IPv6 ping.

One thing to make sure is that you do not have another IPv6 router (such as the AE) configured at the same time on your network. If the AE is still holding the ::1 IPv6 address for your network block, the USG will probably not work because of the address conflict.

You previously mentioned using the customer side IPv6 address in the Ethernet IPv6 Address Assignment. I'm assuming you fixed that ?
--
Got some spare cpu cycles ? Join Team Helix or Team Starfire!



Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5
reply to JPedroT

said by JPedroT:

said by Anav:

Quick question (great thread and input by the way), are people being forced to implement IPV6 already??

Yes, if you do not migrate within a fortnight, you will be banned from the internet....

That would be a shame, who would keep you accountable then, it would be a disaster free for all.
--
Ain't nuthin but the blues! "Albert Collins".
Leave your troubles at the door! "Pepe Peregil" De Sevilla. Just Don't Wifi without WPA, "Yul Brenner"

LlamaWorks Equipment

bigboy

join:2000-12-04
Palo Alto, CA
reply to leibold

That's what I thought re:Address Assignment and Router Advertisement. The USG 20 is not handing out addresses. I guess I can try the static address approach, but given it's my laptop, I don't want to be using static addresses because I use it in more than one location.

I don't think it's the rest of my network, as the Airport Extreme, when I have it doing IPv6 has no problem handing them out to devices on the network. I suppose I could just have the Airport do the tunnel, but it just seems strange that the Zyxel isn't doing its job.



leibold
Premium,MVM
join:2002-07-09
Sunnyvale, CA
kudos:10
Reviews:
·SONIC.NET

I didn't mean static assignment as a solution, just for troubleshooting.

There could be something that we are missing since the IPv6-in-IPv4 example in the manual is showing how to use that protocol for site-to-site tunneling. Perhaps there is a small difference somewhere when using 6in4 to an ISP or Tunnelbroker for Internet access ?

You may have already done this, but just in case:

said by USG User Guide :

You have to enable IPv6 globally in the CONFIGURATION > System > IPv6 screen to make the IPv6 settings work.

That is in addition to the individual Enable IPv6 settings on the Ethernet, Policy Routing and other screens. IPv6 needs to be enabled on the LAN Ethernet interface and the Policy Routing screens but not on the WAN Ethernet interface (the traffic through the WAN interface is IPv4).

The examples I created show how to use the entire Sonic.net IPv6 block which is a /60 prefix. The typical prefix length for an IPv6 LAN is a smaller /64 which is also what the USG manual shows in the native IPv6 example. You could try changing the /60 prefix length to /64. While that leaves much of your IPv6 address block unusable, I'm pretty sure 4 billion * 4 billion IPv6 addresses for home use might just be enough It may be worth trying in case the USG wants exactly a /64 prefix.

You can also turn on the DHCPv6 server in the USG but stateless address auto configuration (SLAAC) should be working by itself.
--
Got some spare cpu cycles ? Join Team Helix or Team Starfire!

bigboy

join:2000-12-04
Palo Alto, CA
reply to bigboy

Note that the SLAAC box isn't ticked in the Zyxel config example, though it doesn't seem to make a difference (I tried both).

Interesting comment on the /60 vs. /64. I will try that later today.

Given that IPv6 is new for Zyxel USG, I guess we shouldn't be surprised with teething problems...


bigboy

join:2000-12-04
Palo Alto, CA
reply to leibold

The /60 vs. /64 was it. Once I changed it to /64, I was able to pick up an address.

Now back to fiddling with the tunnel. I'm not able to get out, but at least I can get an IPv6 address...


bigboy

join:2000-12-04
Palo Alto, CA

1 edit

1 recommendation

reply to leibold

Huzzah! Success.

Ethernet configuration:
1. SLAAC needs to be turned off for 6in4
2. I was being cute with IPv6 Address/Prefix Length. Stick with :1
3. As noted earlier, this implementation doesn't support /60 - need to use /64 (this is a bug to me)

Tunnel
1. You are correct with the customer-side transport IP - needs to be in the IPv6 Address/Prefix Length, which is blank in the Zyxel example.

Policy Route example is correct. (EDIT) Make sure you use the /64 subnet for LAN1_SUBNET (/EDIT)

Thanks for all the help.



leibold
Premium,MVM
join:2002-07-09
Sunnyvale, CA
kudos:10
Reviews:
·SONIC.NET

Congratulations on your success and thanks for following up with the details that made it work.

Hopefully this will be helpful for other USG owners that want to setup 6in4 tunnels to their ISP (like Sonic.net) or a tunnelbroker (like he.net).

Thanks!
--
Got some spare cpu cycles ? Join Team Helix or Team Starfire!


polarisdb

join:2004-07-12
USA

1 recommendation

Thanks leibold, this is good stuff. It would be interesting to see a similar post for a IPv6 native dual stack configuration to support something like what Comcast is rolling out.